Sandbox and real security.


LabZero

Thread author
Hello everyone.

Sandboxes are now sprouting everywhere; many AV vendors implement this technology in their products, even with the promise of being able to detect zero-days.

I'd like to reflect precisely on this point: the zero-day.

Having accurate detection means adopting a more or less effective sandboxing technology to study the behavior of malware or suspicious traffic flows, trying to analyze and determine the degree of danger/malevolence in signatureless mode. Yes, because if I don't know the malware, I can't identify it through known signatures.

For nearly all users charmed by sandboxes, these continue to be the considerations, but are they really effective?

Because everything they have in hand regarding the advanced attack is possibly a sandbox report where the malware is launched...

It is precisely for this reason that we must never forget the real system. I can't expect everything to be restored as it was before the attack... but it is certainly possible to investigate an alarm received from the sandbox by checking whether the targeted client has indicators of compromise... confirm the attack and understand it on the host.

And why not decide to perform an isolation that allows us, after a precise detection, to proceed with an analysis that provides reliable answers.

- What happened?
- Was the attack successful?
- Have other machines been compromised?
- Has data been stolen?


This is what I expect from the sandbox of the future.

The next time someone talks to you about or offers you the latest wonderful sandbox, beware... make sure the overall solution ensures visibility on the host.
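The post above asks for a sandbox verdict to be confirmed on the real host and turned into answers to its four questions. The script below is an added example, not code from the thread or from any product: it takes a sandbox report's indicators (dropped files, Run keys, mutexes, C2 names) and checks each one against evidence collected from the endpoint that raised the alert, then uses an estate-wide DNS log and outbound byte counts to flag other suspect hosts and possible exfiltration. The report schema, the telemetry format, the hostnames, paths, hash and domain are all constructed for illustration.

```python
# Added example (not from the thread): confirm a sandbox verdict on the real
# host. The report schema, the host telemetry format and every value below are
# constructed for illustration, not taken from any product or real incident.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class SandboxReport:
    """Indicators extracted from one sandbox detonation (assumed schema)."""
    sha256: str
    dropped_files: List[str]   # paths the sample wrote during detonation
    run_keys: List[str]        # HKCU\...\Run value names it created
    mutexes: List[str]         # mutex names it opened
    c2_domains: List[str]      # names it resolved / connected to


@dataclass
class HostEvidence:
    """What we can actually observe on an endpoint (assumed collection format)."""
    hostname: str
    files: Dict[str, str]               # path -> sha256 of the file on disk
    run_keys: Dict[str, str]            # Run value name -> command line
    mutexes: Set[str]                   # mutexes held by live processes
    dns_log: List[Tuple[str, str]]      # estate-wide (client, queried name)
    outbound_bytes: Dict[str, int]      # destination -> bytes this host sent


def triage(report: SandboxReport, host: HostEvidence,
           exfil_threshold: int = 10_000_000) -> dict:
    """Answer the four questions from the post with host-side facts only.

    A sandbox report says what the sample *would* do; each indicator is
    counted as confirmed only if the host itself shows the artifact.
    """
    files_seen = sorted(p for p in report.dropped_files if p in host.files)
    # Same path AND same hash: the detonated payload is really on this disk.
    hash_match = any(host.files[p] == report.sha256 for p in files_seen)
    keys_seen = sorted(k for k in report.run_keys if k in host.run_keys)
    mutex_seen = sorted(m for m in report.mutexes if m in host.mutexes)
    c2_seen = sorted(d for d in report.c2_domains
                     if (host.hostname, d) in host.dns_log)
    # A dropped file alone could be a download that never ran; persistence,
    # a live mutex or an actual C2 lookup means the code executed.
    executed = bool(keys_seen or mutex_seen or c2_seen)
    # Any other client that resolved the C2 name is a lateral-spread lead.
    other_hosts = sorted({h for h, q in host.dns_log
                          if q in report.c2_domains and h != host.hostname})
    # Large outbound volume to a confirmed C2 is the "data stolen?" signal.
    exfil = {d: host.outbound_bytes.get(d, 0) for d in c2_seen
             if host.outbound_bytes.get(d, 0) >= exfil_threshold}
    return {
        "what_happened": {"payload_on_disk": hash_match, "files": files_seen,
                          "run_keys": keys_seen, "mutexes": mutex_seen,
                          "c2_contacted": c2_seen},
        "attack_successful": executed,
        "other_hosts_suspect": other_hosts,
        "possible_exfiltration": exfil,
    }


def build_sample() -> Tuple[SandboxReport, HostEvidence, HostEvidence]:
    """Constructed report plus one infected and one clean host (all made up)."""
    sample_hash = "deadbeef" * 8   # placeholder 64-hex-char digest
    report = SandboxReport(
        sha256=sample_hash,
        dropped_files=[r"C:\Users\Public\svchost32.exe",
                       r"C:\Users\Public\stage2.dll"],
        run_keys=["svchost32"],
        mutexes=["Global\\svc32_run"],
        c2_domains=["update-cdn.example.net"],
    )
    # One DNS log for the estate: ws-017 and ws-022 looked up the C2 name.
    dns = [("ws-017", "update-cdn.example.net"),
           ("ws-022", "update-cdn.example.net"),
           ("ws-031", "www.example.com")]
    infected = HostEvidence(
        hostname="ws-017",
        files={r"C:\Users\Public\svchost32.exe": sample_hash},  # stage2.dll never arrived
        run_keys={"svchost32": r"C:\Users\Public\svchost32.exe"},
        mutexes={"Global\\svc32_run"},
        dns_log=dns,
        outbound_bytes={"update-cdn.example.net": 48_000_000},
    )
    clean = HostEvidence(hostname="ws-040", files={}, run_keys={},
                         mutexes=set(), dns_log=dns, outbound_bytes={})
    return report, infected, clean


if __name__ == "__main__":
    rpt, bad, good = build_sample()
    for h in (bad, good):
        print(h.hostname, triage(rpt, h))
```

The point of the split is that the sandbox output is treated as a list of hypotheses, and only artifacts observed on the endpoint count as confirmation. A second-stage DLL the sandbox fetched may never have reached the real victim, so its absence is reported rather than assumed; conversely, a host that never ran the sample still shows up in the "other hosts" list if its neighbours resolved the C2 name, which is exactly the lead an analyst wants before isolating machines.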

frogboy

Believe it or not, I have never tried sandbox software; I have downloaded Sandboxie several times but never got around to installing it. :oops::eek::D

cruelsister

K- Well said. What you describe does indeed currently exist (Dynamic Analysis with Virtualization), but sadly only in top-tier Enterprise products.


Deleted member 178
The only home software I know of using detection inside virtualization is Returnil (and the detection was weak...)

Janl92l

Deleted member 178 said:
The only home software I know of using detection inside virtualization is Returnil (and the detection was weak...)

Isn't Avast DeepScreen something like detection in a virtual environment, called NG? I am pretty sure ESET uses something like this too to detect threats.
 

Deleted member 178

CIS does it too. In the case of Returnil, it virtualizes the whole OS if my memory serves.
 

hjlbx

LabZero said:
- What happened?
- Was the attack successful?
- Have other machines been compromised?
- Has data been stolen?

This is what I expect from the sandbox of the future.

The next time someone talks to you about or offers you the latest wonderful sandbox, beware... make sure the overall solution ensures visibility on the host.

@Klipsh

Not quite what you want, but anyhow you might be interested in a Sandboxie add-on utility called Buster Sandbox Analyzer. It's something you'd find useful with your level of IT knowledge...

Of course, you need to be using Sandboxie.

Buster Sandbox Analyzer
Contributed by Buster, a member of the Sandboxie forum.

Buster Sandbox Analyzer is a tool designed to analyze the behaviour of sandboxed processes and determine if they are malware.

Usage and Download: See Forum Topic: forums.sandboxie.com • View topic - Buster Sandbox Analyzer

The other alternative is Cuckoo Sandbox, which uses emulation. Currently, the only two products that employ emulation for home security solutions are Comodo Internet Security (FLS-integrated CAMAS, and maybe now or soon Valkyrie) and VoodooShield.

  • Advanced sandboxes are the realm of advanced users...
  • Sandboxes, by default, are "dumb"...
  • Security soft vendors - all the way around - have done a poor job of creating softs that will alert the user as to what is happening in terms of malicious activity... "Hey Mister, your data is being stolen!" Sandboxes are no different... they don't tell you anything.
  • SkyNet won't be released any time soon...
 

LabZero

Thread author
hjlbx said:
Not quite what you want, but anyhow you might be interested in a Sandboxie add-on utility called Buster Sandbox Analyzer.
Thanks @hjlbx for the information you shared :)
 